Zero trust is more important now than ever before. With a newly mobile workforce, an increased urgency for cloud, and an increase in phishing and ransomware attacks, zero trust has become the next critical step in digital transformation for many.
In fact, according to a recent survey conducted by Microsoft, 51 percent of business leaders are accelerating their zero trust deployment, while 91 percent of companies report that they are in the process of deploying zero trust.
While the term “zero trust” has become well known, many are unfamiliar with the technology that powers the zero trust model that businesses strive to achieve. This is where zero trust network access (ZTNA) comes in.
Zero trust network access (ZTNA), also known as a software defined perimeter (SDP), is the technology that enables the secure connections behind a true zero trust model.
Gartner defines ZTNA as a technology that “provides controlled access to resources, reducing the surface area for attack. The isolation afforded by ZTNA improves connectivity, removing the need to directly expose applications to the internet. The internet becomes an untrusted transport and access to applications occurs through an intermediary. The intermediary can be a cloud service controlled by a third-party provider or a self-hosted service.”
– Gartner, Market Guide to Zero Trust Network Access, June 2020
But what does this mean for the business? Most importantly, it means that businesses no longer have to choose between upholding security standards and delivering a fast access experience for their users. The most popular ZTNA solutions are global cloud-delivered services that bring access as close to the user as possible, regardless of their location or device. As a result, many are switching from legacy VPN infrastructure to cloud-delivered ZTNA services.
While many vendors claim to achieve zero trust, ZTNA is differentiated from other technologies in four critical areas.
1. Users are NEVER placed on the network
Unlike technologies such as VPN, ZTNA completely isolates the act of providing application access from network access. This isolation reduces risk by keeping potentially infected devices from entering the corporate network, and it grants application access only to authorized users.
2. Internal apps are completely invisible
ZTNA keeps both applications and infrastructure invisible to the internet by only initiating outbound connections. Unlike a VPN, which makes its location known to users, ZTNA never exposes IPs to the internet, making the network dark to unwanted users and internet-based attacks.
3. Lateral movement is eliminated
ZTNA makes connections between an authorized user and a specific application on a one-to-one basis. That means IT can granularly and tactically eliminate lateral movement on the network or between applications by simply enforcing business policies. App segmentation is a native ability of ZTNA, which eliminates the need to perform network segmentation.
4. The internet is used as a secure means of connectivity
ZTNA takes a user-to-application approach rather than a network-centric approach to security. The network becomes deemphasized and the internet becomes the new corporate network, leveraging end-to-end encrypted TLS micro-tunnels, dramatically reducing the need for costly MPLS links.
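The difference between network-level VPN access and the one-to-one user-to-application model in the four points above can be made concrete with a small comparison. This is an added sketch, not Zscaler's or any vendor's code; the application inventory, users, subnets and policy entries are constructed for illustration.

```python
import ipaddress

# Constructed inventory of internal applications (names and addresses are hypothetical).
APPS = {
    "wiki":    "10.0.1.10",
    "payroll": "10.0.2.20",
    "hr-db":   "10.0.2.21",
    "git":     "10.0.3.30",
}

# VPN model: the user is placed on the network and routed to whole subnets.
VPN_ROUTES = {"alice": ["10.0.0.0/16"], "bob": ["10.0.1.0/24"]}

# ZTNA model: each grant is one (user, application) pair; anything absent is denied.
ZTNA_POLICY = {("alice", "wiki"), ("alice", "git"), ("bob", "wiki")}


def vpn_reachable(user):
    """Apps whose address falls inside any subnet routed to the user."""
    nets = [ipaddress.ip_network(n) for n in VPN_ROUTES.get(user, [])]
    return sorted(
        name for name, ip in APPS.items()
        if any(ipaddress.ip_address(ip) in net for net in nets)
    )


def ztna_reachable(user):
    """Apps the broker will connect the user to: explicit grants only."""
    return sorted(app for (u, app) in ZTNA_POLICY if u == user and app in APPS)


def broker_connect(user, app):
    """Default-deny decision. The caller gets a session for one app and never
    an internal address, so there is no network range to scan or pivot into."""
    if (user, app) not in ZTNA_POLICY or app not in APPS:
        return {"allowed": False, "session": None}
    return {"allowed": True, "session": f"{user}->{app}"}


def excess_exposure(user):
    """Apps reachable over VPN that policy never granted: the lateral-movement surface."""
    return sorted(set(vpn_reachable(user)) - set(ztna_reachable(user)))


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, "VPN:", vpn_reachable(user), "ZTNA:", ztna_reachable(user),
              "excess:", excess_exposure(user))
    print(broker_connect("bob", "payroll"))
```

Running `excess_exposure` against a real route table and application inventory gives a quick measure of how much a subnet-wide VPN grant exceeds what each user's role requires.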
While there are many benefits to ZTNA, they all revolve around two important concepts: security and simplification.
ZTNA makes IT’s life easier by eliminating headaches caused by traditional remote access technologies. With ZTNA, IT can have confidence knowing that their organization is secured with the highest level of zero trust access while users effortlessly connect to internal apps, allowing business to run as normal regardless of user location.
IT doesn’t need to choose between providing security or offering a good user experience. You can achieve both, but it takes the right technology.
Camilla Alhquist is a product marketing specialist at Zscaler.